Re: Using OpenBGPD as a route-server
Hi Claudio,

Thanks, this has been helpful. However I really need that bit of control from the peer's configuration end.

You wouldn't happen to know how I can achieve the following?

A peer sends the following communities to the RS:
1234:1234 1234:7547 1234:8392

I want the route-server to send the routes received in the communities (yes they all contain the same routes) to every peer on the RS, except for those with AS 7547 and 8392.

Was also wondering why you have that prepend rule in #5 while transparent-as is configured?

Regards,
Hans

On Wed, Oct 29, 2008 at 12:08 PM, Claudio Jeker [EMAIL PROTECTED] wrote:
> On Tue, Oct 28, 2008 at 04:24:02PM +0100, Hans Vosbergen wrote:
> > Hi Misc,
> >
> > I am trying to make OpenBGPD work as a route-server for a little hobby project I am working on. As it's very hard to find configuration examples for this usage on the web I have to turn here.
> >
> > What I am trying to achieve:
> > - A route-server acting as a transparent route distributor.
> > - Control by neighbours who their prefixes are announced to, based on communities.
> >
> > Making OpenBGP work as a transparent AS was the easy part. However I'm stuck in the communities control part.
> >
> > How it is supposed to work, my route-server has AS1234 in my test environment. If a neighbour announces:
> >
> > 1. { community 1234:1234 } -- Their prefixes will be announced to EVERY other neighbour.
> > 2. { community 1234:as } -- Their prefixes will ONLY be announced to AS, i.e. 1234:8943 will only send the prefixes to AS8943.
> > 3. { community 1234:1234 1234:AS } -- Their prefixes will be announced to every other neighbour EXCEPT AS.
> >
> > I have been able to achieve the first 2 ways the prefix control should work, but I can't manage to get the 3rd to work.
> >
> > Before moving to OpenBGPD I managed to produce the way I want it to work in Quagga but I simply do not want to use that.
> >
> > Would anyone have an idea on how to make OpenBGPD not announce prefixes to specific neighbours if they appear in the 1234:1234 1234:AS list?
>
> The route server I set up uses more or less this config:
>
> # global configuration
> AS $ASNUM
> router-id $IP
> transparent-as yes
> network $LAN
>
> group RS {
>         announce all
>         max-prefix 5000 restart 15
>         set nexthop no-modify
>         # softreconfig in no
>
>         neighbor $LAN {
>                 descr "RS peer"
>                 passive
>         }
> }
>
> # filter out prefixes longer than 24 or shorter than 8 bits
> deny from any prefixlen 8 >< 24
>
> # do not accept a default route, multicast and experimental networks
> deny from any prefix 0.0.0.0/0
> deny from any prefix 10.0.0.0/8 prefixlen >= 8
> deny from any prefix 127.0.0.0/8 prefixlen >= 8
> deny from any prefix 169.254.0.0/16 prefixlen >= 16
> deny from any prefix 172.16.0.0/12 prefixlen >= 12
> deny from any prefix 192.0.2.0/24 prefixlen >= 24
> deny from any prefix 192.168.0.0/16 prefixlen >= 16
> deny from any prefix 224.0.0.0/4 prefixlen >= 4
> deny from any prefix 224.0.0.0/4 prefixlen >= 4
> deny from any prefix 240.0.0.0/4 prefixlen >= 4
>
> # we set these communities to identify from where
> # it learned a route:
> match from any set community $ASNUM:neighbor-as
>
> # 1. Prepend RS $ASNUM to *all* RS-Peers
> match from group RS community $ASNUM:65500 set prepend-self 1
>
> # 2. Prepend RS $ASNUM to *selected* RS-Peer N-times
> # (N can be 1 to 3)
> match to group RS community 65501:neighbor-as set prepend-self 1
> match to group RS community 65502:neighbor-as set prepend-self 2
> match to group RS community 65503:neighbor-as set prepend-self 3
>
> # 3. Do *not* announce to RS-Peers with AS
> deny to group RS community $ASNUM:neighbor-as
>
> # 4. Do *not* announce to *ANY* RS-Peers
> deny to group RS community $ASNUM:65535
>
> # 5. Prepend own announcement by one
> match to group RS prefix $LAN set prepend-self 1
>
> Works like a champ without any additional per peer config :)
>
> --
> :wq Claudio
Re: Using OpenBGPD as a route-server
On Fri, Oct 31, 2008 at 03:15:21PM +0100, Hans Vosbergen wrote:
> Hi Claudio,
>
> Thanks, this has been helpful. However I really need that bit of control from the peer's configuration end.
>
> You wouldn't happen to know how I can achieve the following?
>
> A peer sends the following communities to the RS:
> 1234:1234 1234:7547 1234:8392
>
> I want the route-server to send the routes received in the communities (yes they all contain the same routes) to every peer on the RS, except for those with AS 7547 and 8392.

        deny to group RS community 1234:neighbor-as

will result in a lookup of 1234:AS-of-neighbor-the-prefix-would-be-sent-to and so should do the trick. It is (currently) not possible to match 2 communities at once.

> Was also wondering why you have that prepend rule in #5 while transparent-as is configured?

When transparent-as is set, networks that are locally originated are NOT prepended with the own AS so the remote site would receive an empty ASPATH attribute which is not expected on ebgp links.

--
:wq Claudio
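Added example, not part of the original thread and not OpenBGPD code: a simplified Python model of how the single rule `deny to group RS community 1234:neighbor-as` is looked up once per receiving neighbor, together with rule 4 and the inbound tagging from the quoted config. It assumes a default-allow policy; peer ASes 5555, 6666 and 9999 and all function names are made up for illustration.

```python
# Simplified model of the outbound decision described in the reply above.
# This is an illustration only, not bgpd's real filter engine.
RS_AS = 1234                    # route-server AS used in the thread
NO_EXPORT_ANY = (RS_AS, 65535)  # rule 4 of the quoted config


def tag_inbound(communities, sender_as):
    """Model 'match from any set community $ASNUM:neighbor-as'.

    On input, neighbor-as is the AS of the peer the route came from.
    """
    return set(communities) | {(RS_AS, sender_as)}


def announce_to(communities, target_as):
    """Return True if the route would be sent to the peer with target_as."""
    # Rule 3: neighbor-as expands to the AS of the neighbor the prefix
    # would be sent to, so one rule acts as a deny for every peer that
    # is named in the community list.
    if (RS_AS, target_as) in communities:
        return False
    # Rule 4: one fixed value blocks export to every RS peer.
    if NO_EXPORT_ANY in communities:
        return False
    return True  # assumption: anything not denied is announced


def recipients(communities, sender_as, peers):
    """List the peer ASes that would receive a route from sender_as."""
    tagged = tag_inbound(communities, sender_as)
    return sorted(p for p in peers if announce_to(tagged, p))


# Constructed sample data: 7547 and 8392 are the ASes from the question,
# the other peer ASes are invented.
PEERS = [5555, 6666, 7547, 8392, 9999]
SENT = [(1234, 1234), (1234, 7547), (1234, 8392)]

if __name__ == "__main__":
    print(recipients(SENT, 5555, PEERS))
    print(recipients([NO_EXPORT_ANY], 5555, PEERS))
```

In this model the tag added on input also matches rule 3 for the sending peer itself, which is why 5555 never appears in its own recipient list.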
Re: Using OpenBGPD as a route-server
On Tue, Oct 28, 2008 at 04:24:02PM +0100, Hans Vosbergen wrote:
> Hi Misc,
>
> I am trying to make OpenBGPD work as a route-server for a little hobby project I am working on. As it's very hard to find configuration examples for this usage on the web I have to turn here.
>
> What I am trying to achieve:
> - A route-server acting as a transparent route distributor.
> - Control by neighbours who their prefixes are announced to, based on communities.
>
> Making OpenBGP work as a transparent AS was the easy part. However I'm stuck in the communities control part.
>
> How it is supposed to work, my route-server has AS1234 in my test environment. If a neighbour announces:
>
> 1. { community 1234:1234 } -- Their prefixes will be announced to EVERY other neighbour.
> 2. { community 1234:as } -- Their prefixes will ONLY be announced to AS, i.e. 1234:8943 will only send the prefixes to AS8943.
> 3. { community 1234:1234 1234:AS } -- Their prefixes will be announced to every other neighbour EXCEPT AS.
>
> I have been able to achieve the first 2 ways the prefix control should work, but I can't manage to get the 3rd to work.
>
> Before moving to OpenBGPD I managed to produce the way I want it to work in Quagga but I simply do not want to use that.
>
> Would anyone have an idea on how to make OpenBGPD not announce prefixes to specific neighbours if they appear in the 1234:1234 1234:AS list?

The route server I set up uses more or less this config:

# global configuration
AS $ASNUM
router-id $IP
transparent-as yes
network $LAN

group RS {
        announce all
        max-prefix 5000 restart 15
        set nexthop no-modify
        # softreconfig in no

        neighbor $LAN {
                descr "RS peer"
                passive
        }
}

# filter out prefixes longer than 24 or shorter than 8 bits
deny from any prefixlen 8 >< 24

# do not accept a default route, multicast and experimental networks
deny from any prefix 0.0.0.0/0
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 127.0.0.0/8 prefixlen >= 8
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4

# we set these communities to identify from where
# it learned a route:
match from any set community $ASNUM:neighbor-as

# 1. Prepend RS $ASNUM to *all* RS-Peers
match from group RS community $ASNUM:65500 set prepend-self 1

# 2. Prepend RS $ASNUM to *selected* RS-Peer N-times
# (N can be 1 to 3)
match to group RS community 65501:neighbor-as set prepend-self 1
match to group RS community 65502:neighbor-as set prepend-self 2
match to group RS community 65503:neighbor-as set prepend-self 3

# 3. Do *not* announce to RS-Peers with AS
deny to group RS community $ASNUM:neighbor-as

# 4. Do *not* announce to *ANY* RS-Peers
deny to group RS community $ASNUM:65535

# 5. Prepend own announcement by one
match to group RS prefix $LAN set prepend-self 1

Works like a champ without any additional per peer config :)

--
:wq Claudio